<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="Replacing the DeviceManager Certificate">
<meta name="product" content="">
<meta name="DC.Relation" scheme="URI" content="en-us_topic_0000001583029352.html">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="Anti-Ransomware ProtectManager">
<meta name="DC.Publisher" content="20220726">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="EN-US_TOPIC_0000001633149057">
<meta name="DC.Language" content="en-us">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>Replacing the DeviceManager Certificate</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="EN-US_TOPIC_0000001633149057"></a><a name="EN-US_TOPIC_0000001633149057"></a>

<h1 class="topictitle1">Replacing the DeviceManager Certificate</h1>
<div id="body8662426"><p id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_p7956145411484">It applies to the scenario where an external client communicates with the storage device. In this scenario, the storage device serves as a server while the external network management tool serves as a client. The certificate must be imported, but the CA certificate is optional.</p>
<div class="section" id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_section432918341424"><h4 class="sectiontitle">Context</h4><ul id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_ul166928371327"><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li269223711218">In the device management certificate scenario, the server has a default certificate and does not support the certificate revocation list (CRL).</li><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li7521174516218">To enhance security of links in device management certificate scenarios, you are advised to replace the default security certificates and private keys of the network management tool client and storage device with your security certificates and private keys.</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_section1213016116513"><h4 class="sectiontitle">Procedure</h4><ol id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_ol03438685117"><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li1838765965811"><span>Obtain the CSR file and private key.</span><p><div class="p" id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_p1284510599582">The following two methods are supported:<ul class="subitemlist" id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_ul149568549482"><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li695614548487">On DeviceManager, export the CSR file in the device management certificate scenario. In this case, the corresponding private key is generated on the storage device and saved to the database.<p class="subitemlist" id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_p1132313685915"><a name="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li695614548487"></a><a name="en-us_topic_0000001456305628_en-us_topic_0000001506049989_li695614548487"></a>For details, see <a href="en-us_topic_0000001633268429.html#EN-US_TOPIC_0000001633268429__en-us_topic_0000001506145385_en-us_topic_0000001263453192_li09558541489">how to export the CSR fi...</a>.</p>
</li><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li4956654134818">Use the OpenSSL tool to generate a private key in plaintext and a CSR file.<p id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_p17956115419484"><a name="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li4956654134818"></a><a name="en-us_topic_0000001456305628_en-us_topic_0000001506049989_li4956654134818"></a>For details, see <a href="en-us_topic_0000001633268429.html#EN-US_TOPIC_0000001633268429__en-us_topic_0000001506145385_en-us_topic_0000001263453192_li1695585410483">Use the OpenSSL tool to ...</a>.</p>
</li></ul>
</div>
</p></li><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li149564542489"><span>Send the exported CSR file to the third-party CA center. After the CA center signs it or you use your enterprise's root certificate to sign it, the corresponding certificate and CA certificate are generated.</span><p><p class="litext" id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_p99565546480">For details about common third-party CA centers, see <a href="en-us_topic_0000001633268429.html#EN-US_TOPIC_0000001633268429__en-us_topic_0000001506145385_en-us_topic_0000001263453192_table60705275">Table 2</a>.</p>
</p></li><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li512911282519"><span>Import the certificate file.</span><p><ul id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_ul1670862485110"><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li070862485116">If the CSR file is generated on DeviceManager, import the signed certificate to the storage device.</li><li id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_li11708162415519">If the CSR file is generated using the OpenSSL tool, import the plaintext private key file and signed certificate to the storage device on DeviceManager.</li></ul>
<p id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_p1967853211596">For details about how to import a certificate, see <a href="en-us_topic_0000001633268429.html#EN-US_TOPIC_0000001633268429__en-us_topic_0000001506145385_en-us_topic_0000001263453192_li775722792914">3</a>. Change the operation of selecting the management plane domain authentication certificate to selecting the DeviceManager certificate.</p>
</p></li></ol>
</div>
<p id="EN-US_TOPIC_0000001633149057__en-us_topic_0000001456305628_en-us_topic_0000001506049989_p8060118"></p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0000001583029352.html">Replacing Certificates of a Storage Device</a></div>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">Copyright &copy; Huawei Technologies Co., Ltd.</div></body>
</html>